
Help!!!!!!!!

12.02.05, 18:36
Could someone please help me check this thing... I would be very grateful
Logfile of HijackThis v1.99.0
Scan saved at 18:29:22, on 2005-02-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\AVPersonal\AVGNT.EXE
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\_ArcadeDownloadFolder\Tlen.pl\tlen.exe
D:\PROGRA~1\INCRED~1\bin\IMApp.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Warez P2P Client\warez.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
d:\progra~1\intern~1\iexplore.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\Magda\Ustawienia lokalne\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: HyperSearchHook - {65B6D189-D0B5-4A86-BC5D-FD37EF709206} -
D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {7CA77709-9906-F941-F525-858798E30265} -
D:\DOCUME~1\Magda\DANEAP~1\Holdchic\bend show.exe
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Spyware Stormer] D:\Program Files\Spyware
Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Atom Body Bows Internet] D:\Documents and Settings\All
Users\Dane aplikacji\BindSignAtomBody\Save four.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [IncrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - HKCU\..\Run: [Komunikator] D:\Program
Files\_ArcadeDownloadFolder\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [errormove] D:\DOCUME~1\Magda\DANEAP~1\REMOTE~1\link each.exe
O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
- www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{396CFFEE-CBC1-4C05-894B-8CC1824FA6B0}:
NameServer = 192.168.0.1,194.204.159.1
O17 -
HKLM\System\CCS\Services\Tcpip\..\{84966413-D6EB-4EDE-80EA-D36D23E0BDAE}:
NameServer = 192.168.0.1,194.204.159.1
O17 -
HKLM\System\CCS\Services\Tcpip\..\{E83DE1B5-AA3F-49E3-A17F-272D8026045A}:
NameServer = 192.168.0.1,194.204.152.34
O17 -
HKLM\System\CS1\Services\Tcpip\..\{396CFFEE-CBC1-4C05-894B-8CC1824FA6B0}:
NameServer = 192.168.0.1,194.204.159.1
O17 -
HKLM\System\CS2\Services\Tcpip\..\{396CFFEE-CBC1-4C05-894B-8CC1824FA6B0}:
NameServer = 192.168.0.1,194.204.159.1
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - D:\Program
Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - D:\Program
Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
    • cnjry Re: Help!!!!!!!! 12.02.05, 18:46
      O4 - HKLM\..\Run: [Spyware Stormer] D:\Program Files\Spyware
      Stormer\SpywareStormer.Exe
      > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      > D:\Program Files\Messenger\MSMSGS.EXE
      > O9 - Extra 'Tools' menuitem: Windows Messenger -
      > {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
      > D:\Program Files\Warez P2P Client\warez.exe

      As far as I'm concerned this is junk; I can see more but I'm not sure.
      Are you from Piotrków?
    • m.gregor Re: Help!!!!!!!! 12.02.05, 18:47
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > minisearch.startnow.com/
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      > minisearch.startnow.com/
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      > www.startnow.com/
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > minisearch.startnow.com/
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      > minisearch.startnow.com/
      > R3 - URLSearchHook: HyperSearchHook - {65B6D189-D0B5-4A86-BC5D-FD37EF709206} -
      > D:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
      > O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      > O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
      > O2 - BHO: (no name) - {7CA77709-9906-F941-F525-858798E30265} -
      > D:\DOCUME~1\Magda\DANEAP~1\Holdchic\bend show.exe
      > O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
      > O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      > O4 - HKLM\..\Run: [Spyware Stormer] D:\Program Files\Spyware
      > Stormer\SpywareStormer.Exe
      > O4 - HKLM\..\Run: [Atom Body Bows Internet] D:\Documents and Settings\All
      > Users\Dane aplikacji\BindSignAtomBody\Save four.exe
      > O4 - HKCU\..\Run: [errormove] D:\DOCUME~1\Magda\DANEAP~1\REMOTE~1\link each.exe
      > O4 - HKCU\..\Run: [warez] "D:\Program Files\Warez P2P Client\warez.exe" -h
      > O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
      > www.windowsecurity.com/trojanscan/TDECntrl.CAB
      > O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
      > www3.ca.com/securityadvisor/virusinfo/webscan.cab
      > O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
      > www.bitdefender.com/scan/Msie/bitdefender.cab
      Tick these and click Fix checked. Then run the scan again and paste the log again.
    • vellus Re: Help!!!!!!!! 12.02.05, 19:09
      OK, I did as you wrote; here is the new log:
      Logfile of HijackThis v1.99.0
      Scan saved at 19:05:14, on 2005-02-12
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

      Running processes:
      D:\WINDOWS\System32\smss.exe
      D:\WINDOWS\system32\winlogon.exe
      D:\WINDOWS\system32\services.exe
      D:\WINDOWS\system32\lsass.exe
      D:\WINDOWS\system32\svchost.exe
      D:\WINDOWS\System32\svchost.exe
      D:\WINDOWS\system32\spoolsv.exe
      D:\Program Files\AVPersonal\AVGUARD.EXE
      D:\Program Files\AVPersonal\AVWUPSRV.EXE
      D:\WINDOWS\System32\svchost.exe
      D:\WINDOWS\Explorer.EXE
      D:\WINDOWS\SOUNDMAN.EXE
      D:\Program Files\AVPersonal\AVGNT.EXE
      D:\Program Files\Skype\Phone\Skype.exe
      D:\Program Files\_ArcadeDownloadFolder\Tlen.pl\tlen.exe
      D:\PROGRA~1\INCRED~1\bin\IMApp.exe
      D:\Program Files\Internet Explorer\iexplore.exe
      D:\Program Files\Warez P2P Client\warez.exe
      D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      d:\progra~1\intern~1\iexplore.exe
      D:\Program Files\WinZip\WZQKPICK.EXE
      D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      D:\Documents and Settings\Magda\Moje dokumenty\programy\Gadu-Gadu\gg.exe
      D:\Program Files\mozilla.org\Mozilla\mozilla.exe
      D:\PROGRA~1\WINZIP\winzip32.exe
      D:\Documents and Settings\Magda\Ustawienia lokalne\Temp\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      D:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKCU\..\Run: [IncrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash
      /minimized
      O4 - HKCU\..\Run: [Komunikator] D:\Program
      Files\_ArcadeDownloadFolder\Tlen.pl\tlen.exe
      O4 - HKCU\..\Run: [errormove] D:\DOCUME~1\Magda\DANEAP~1\REMOTE~1\link each.exe
      O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
      D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console -
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
      Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      D:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger -
      {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
      O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
      www.pandasoftware.com/activescan/as5/asinst.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{396CFFEE-CBC1-4C05-894B-8CC1824FA6B0}:
      NameServer = 192.168.0.1,194.204.159.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{84966413-D6EB-4EDE-80EA-D36D23E0BDAE}:
      NameServer = 192.168.0.1,194.204.159.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{E83DE1B5-AA3F-49E3-A17F-272D8026045A}:
      NameServer = 192.168.0.1,194.204.152.34
      O17 - HKLM\System\CS1\Services\Tcpip\..\{396CFFEE-CBC1-4C05-894B-8CC1824FA6B0}:
      NameServer = 192.168.0.1,194.204.159.1
      O17 - HKLM\System\CS2\Services\Tcpip\..\{396CFFEE-CBC1-4C05-894B-8CC1824FA6B0}:
      NameServer = 192.168.0.1,194.204.159.1
      O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - D:\Program
      Files\AVPersonal\AVGUARD.EXE
      O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - D:\Program
      Files\AVPersonal\AVWUPSRV.EXE
      O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe

      • m.gregor Re: Help!!!!!!!! 12.02.05, 21:42
        This one too:
        > O4 - HKCU\..\Run: [errormove] D:\DOCUME~1\Magda\DANEAP~1\REMOTE~1\link each.exe

        Try removing it in Safe Mode (before the black Windows XP screen appears,
        press F8, then choose Safe Mode from the list; once Windows has started,
        select YOUR account, not the Administrator account, run HijackThis,
        choose Do a system scan only, tick that entry and click REMOVE).
        And after that:
        forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=19472430
        + the following threads, which contain errata for the links + other programs.
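
Added example, not part of the original posts: a Python check for the fix-then-rescan step in this thread. It re-joins the HijackThis lines the forum wrapped and lists the flagged entries that the follow-up scan still contains. The function names are illustrative; the sample text is excerpted from the logs above.

```python
import re

# HijackThis entries open with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) -(?: (.*))?$")

def parse_entries(log_text):
    """Return (section, body) tuples, re-joining lines the forum wrapped."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = re.sub(r"^\s*(?:>\s?)?", "", raw).rstrip()  # drop indent and quote marker
        m = ENTRY.match(line)
        if m:
            current = [m.group(1), m.group(2) or ""]
            entries.append(current)
        elif not line:
            current = None  # a blank line ends the current entry
        elif current is not None:
            current[1] = (current[1] + " " + line).strip()  # wrapped continuation
    return [tuple(e) for e in entries]

def still_present(flagged_text, rescan_text):
    """Entries flagged for fixing that the follow-up scan still lists."""
    rescan = set(parse_entries(rescan_text))
    return [e for e in parse_entries(flagged_text) if e in rescan]

# Excerpt of the entries quoted for fixing in the 18:47 reply (wrapped as posted).
FLAGGED = r"""
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> minisearch.startnow.com/
> O4 - HKLM\..\Run: [Spyware Stormer] D:\Program Files\Spyware
> Stormer\SpywareStormer.Exe
> O4 - HKCU\..\Run: [errormove] D:\DOCUME~1\Magda\DANEAP~1\REMOTE~1\link each.exe
"""
# Excerpt of the 19:05:14 follow-up scan.
RESCAN = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - HKCU\..\Run: [errormove] D:\DOCUME~1\Magda\DANEAP~1\REMOTE~1\link each.exe
"""

if __name__ == "__main__":
    for section, body in still_present(FLAGGED, RESCAN):
        print(section, "-", body)
```

Because continuation lines are merged before comparison, an entry that wraps differently in the two pastes (as the O17 lines do here) still compares equal.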
